CS535C_HW1

.docx

School

Northwestern Polytechnic University *

*We aren’t endorsed by this school

Course

535

Subject

Information Systems

Date

Jan 9, 2024

Type

docx

Pages

9

Uploaded by arsaikiran11

Report
CS535C_HW1 1. Discussion Board o Please give an example of an hardware opponent which can access any message sent from a sender and a receiver. Algorithms use same idea as traditional cryptography, but relies algorithms with long keys. Transpositions & substitutions ciphers can be implemented with simple (hardware) circuits: P-box & S-box. Together are used for a product cipher, cascading series of product cipher boxes. Also known as block cipher algorithms. Process plain text in fixed block sizes producing block of cipher text of equal size Example: Mobile device o What is the organization NSA? How does it affect security industry? The National Security Agency (NSA) is a U.S. intelligence agency responsible for global monitoring, collection, decoding, translation and analysis of information and data for foreign intelligence and counterintelligence purposes - a discipline known as Signals intelligence (SIGINT). NSA is also charged with protection of U.S. government communications and information systems against penetration and network warfare. The agency is authorized to accomplish its mission through clandestine means, among which are bugging electronic systems and allegedly engaging in sabotage through subversive software. The NSA leaks just keep on coming. The nation’s suddenly-not-so- secretive spy agency has made huge strides in compromising some forms of encryption that help keep information private on the Web. This was done through known workarounds, “covertly introducing weaknesses into encryption standards” and strong-arming companies into handing over encryption keys or stealing them. o NSA prefers exportable security algorithms easier to break or harder to break? The use, export, and/or import of implementations of encryption algorithms are restricted in many countries, and the laws can change
CS535C_HW1 quite rapidly. For symmetric-key encryption (e.g., for bulk encryption), don't use a key length less than 90 bits if you want the information to stay secret through 2016 (add another bit for every additional 18 months of security) [Blaze 1996]. For encrypting worthless data, the old DES algorithm has some value, but with modern hardware it's too easy to break DES's 56-bit key using brute force. If you're using DES, don't just use the ASCII text key as the key - parity is in the least (not most) significant bit, so most DES algorithms will encrypt using a key value well-known to adversaries; instead, create a hash of the key and set the parity bits correctly (and pay attention to error reports from your encryption routine). So-called ``exportable'' encryption algorithms only have effective key lengths of 40 bits, and are essentially worthless; in 1996 an attacker could spend $10,000 to break such keys in twelve minutes or use idle computer time to break them in a few days, with the time-to-break halving every 18 months in either case. 2. 2. Briefly describe the 6 security building blocks? Which block is required for eCommerce? 1.Access Control Authentication (e.g., entity authentication and message authentication) (proof) [*] Entity authentication Entity authentication is the process whereby one party is assured (through acquisition of corroborative evidence) of the identity of a second party involved in a protocol, and that the second has actually participated Message authentication (= Data origin authentication) Data origin authentication is a type of authentication whereby a party is coroborated as the (original) source of specified data created at some (typically unspecified) time in the past. (Page 361 of the book "Handbook of Applied Cryptography") Authorization ( authorize) 2.Data Integrity (modify)
CS535C_HW1 3. Data Confidentiality (= secrecy) Data integrity is the property whereby data has not been altered in an unauthorized manner since the time it was created, transmitted, or stored by an authorized source. 4.Non-Repudiation (deny) [*] Prevent source or destination denial. 5.Privacy (Recognize by someone) Privacy is about people. Is in the eye of the participant E.g., a female student does not want to be seen entering into pregnancy counseling center. Confidentiality is about data In regards to an organization (e.g., HIPAA) E.g., protects patients from inappropriate disclosures of health information. 6.Auditing 3. 3. Virus What is the difference between worm and virus? Viruses A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software and causing denial-of-service (DoS) conditions. Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program. When the host code is executed, the viral code is executed as well. Normally, the host program keeps functioning after it is infected by the virus. However, some viruses overwrite other
CS535C_HW1 programs with copies of themselves, which destroys the host program altogether. Viruses spread when the software or document they are attached to is transferred from one computer to another using the network, a disk, file sharing, or infected e-mail attachments. Worms Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file- transport or information-transport features on the system, allowing it to travel unaided. o Where is boot virus stored? A boot virus (also known as a boot infector or an MBR or DBR virus) targets and infects a specific, physical section of a computer system that contains information crucial to the proper operation of the computer's operating system (OS). Boot viruses may differ based on whether they target the MBR, the DBR or the FBR: The MBR is the first sector of a hard drive and is usually located on track 0. It contains the initial loader and information about partition tables on a hard disk. The DBR is usually located a few sectors (62 sectors after on a hard disk with 63 sectors per track) after the MBR, and contains the initial loader for an operating system and logical drive information. The FBR is use for the same purposes as DBR on a hard drive, but it is located on the first track of a diskette. Can a virus attached to data?
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help